7.2

CVE-2006-4447

X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
X.OrgEmu-linux-x87-xlibs Version7.0_r1
X.OrgX11r6 Version6.7.0
X.OrgX11r6 Version6.8
X.OrgX11r6 Version6.8.1
X.OrgX11r6 Version6.8.2
X.OrgX11r7 Version1.0
X.OrgX11r7 Version1.0.1
X.OrgX11r7 Version1.0.2
X.OrgXdm Version1.0.3
X.OrgXf86dga Version1.0.0
X.OrgXinit Version1.0.2_r5
X.OrgXload Version1.0.0
X.OrgXorg-server Version1.02_r5
X.OrgXterm Version214
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.43% 0.345
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://mail.gnome.org/archives/beast/2006-December/msg00025.html
http://secunia.com/advisories/25032
http://secunia.com/advisories/25059
http://security.gentoo.org/glsa/glsa-200704-22.xml
http://www.securityfocus.com/bid/23697
http://www.vupen.com/english/advisories/2007/0409
http://secunia.com/advisories/22332
http://www.debian.org/security/2006/dsa-1193
http://lists.freedesktop.org/archives/xorg/2006-June/016146.html
Patch
http://secunia.com/advisories/21650
Patch
Vendor Advisory
http://secunia.com/advisories/21660
http://secunia.com/advisories/21693
http://security.gentoo.org/glsa/glsa-200608-25.xml
Patch
Vendor Advisory
http://www.kb.cert.org/vuls/id/300368
US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2006:160
http://www.securityfocus.com/bid/19742
http://www.vupen.com/english/advisories/2006/3409